Modeling Data Protection and Privacy: Application and Experience with GDPR

Torre, Damiano; Alferez, Mauricio; Soltana, Ghanem; Sabetzadeh, Mehrdad; Briand, Lionel

Reference : Modeling Data Protection and Privacy: Application and Experience with GDPR


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/48170

Title :	Modeling Data Protection and Privacy: Application and Experience with GDPR
Language :	English
Author, co-author :	Torre, Damiano [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV >]
	Alferez, Mauricio [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV >]
	Soltana, Ghanem [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Sabetzadeh, Mehrdad [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV >]
	Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV >]
Publication date :	In press
Journal title :	Software and Systems Modeling
Publisher :	Springer
Peer reviewed :	Yes (verified by ORBi^lu)
Audience :	International
ISSN :	1619-1366
e-ISSN :	1619-1374
Country :	Germany
Keywords :	[en] GDPR ; regulatory compliance
Abstract :	[en] In Europe and indeed worldwide, the Gen- eral Data Protection Regulation (GDPR) provides pro- tection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly ben- e cial to individuals, it presents signi cant challenges for organizations monitoring or storing personal infor- mation. Since there is currently no automated solution with broad industrial applicability, organizations have no choice but to carry out expensive manual audits to ensure GDPR compliance. In this paper, we present a complete GDPR UML model as a rst step towards de- signing automated methods for checking GDPR compli- ance. Given that the practical application of the GDPR is infuenced by national laws of the EU Member States,we suggest a two-tiered description of the GDPR, generic and specialized. In this paper, we provide (1) the GDPR conceptual model we developed with complete trace- ability from its classes to the GDPR, (2) a glossary to help understand the model, (3) the plain-English de- scription of 35 compliance rules derived from GDPR along with their encoding in OCL, and (4) the set of 20 variations points derived from GDPR to specialize the generic model. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Funders :	Fonds National de la Recherche - FnR
Name of the research project :	IMOREF
Target :	Researchers ; Professionals
Permalink :	http://hdl.handle.net/10993/48170

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	Modeling_Data_Protection_and_Privacy__Application_and_Experiencewith_GDPR.pdf		Author preprint	1.17 MB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices